From 9ab9f176d2062a3ae198b7108af949f044920e81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= <glen@delfi.ee>
Date: Sat, 10 Nov 2007 16:12:55 +0000
Subject: [PATCH] - apply patches from #1384

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2020 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS             |  1 +
 src/server.c     | 21 +++++++++++++--------
 src/spawn-fcgi.c | 18 ++++++++++++------
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/NEWS b/NEWS
index acbec7da..925913e5 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ NEWS
 
   * added support for If-Range: <date> (#1346)
   * added support for matching $HTTP["scheme"] in configs
+  * fixed initgroups() called after chroot (#1384)
 
 - 1.4.18 - 2007-09-09
 
diff --git a/src/server.c b/src/server.c
index 132eb323..1c79d775 100644
--- a/src/server.c
+++ b/src/server.c
@@ -759,6 +759,19 @@ int main (int argc, char **argv) {
 
 			return -1;
 		}
+#ifdef HAVE_PWD_H
+		/* 
+		 * Change group before chroot, when we have access
+		 * to /etc/group
+		 * */
+		if (srv->srvconf.groupname->used) {
+			setgid(grp->gr_gid);
+			setgroups(0, NULL);
+			if (srv->srvconf.username->used) {
+				initgroups(srv->srvconf.username->ptr, grp->gr_gid);
+			}
+		}
+#endif
 #ifdef HAVE_CHROOT
 		if (srv->srvconf.changeroot->used) {
 			tzset();
@@ -775,15 +788,7 @@ int main (int argc, char **argv) {
 #endif
 #ifdef HAVE_PWD_H
 		/* drop root privs */
-		if (srv->srvconf.groupname->used) {
-			setgid(grp->gr_gid);
-			setgroups(0, NULL);
-		}
-
 		if (srv->srvconf.username->used) {
-			if (srv->srvconf.groupname->used) {
-				initgroups(srv->srvconf.username->ptr, grp->gr_gid);
-			}
 			setuid(pwd->pw_uid);
 		}
 #endif
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index 8237e796..99042689 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -404,6 +404,18 @@ int main(int argc, char **argv) {
 			}
 		}
 
+		/*
+		 * Change group before chroot, when we have access
+		 * to /etc/group
+		 */
+		if (groupname) {
+			setgid(grp->gr_gid);
+			setgroups(0, NULL);
+			if (username) {
+				initgroups(username, grp->gr_gid);
+			}
+		}
+
 		if (changeroot) {
 			if (-1 == chroot(changeroot)) {
 				fprintf(stderr, "%s.%d: %s %s\n",
@@ -420,13 +432,7 @@ int main(int argc, char **argv) {
 		}
 
 		/* drop root privs */
-		if (groupname) {
-			setgid(grp->gr_gid);
-		}
 		if (username) {
-			if (groupname) {
-				initgroups(username, grp->gr_gid);
-			}
 			setuid(pwd->pw_uid);
 		}
 	}